Disable csrf using Java config
Good day,
I am trying to learn Spring. I am currently doing this tutorial: http://spring.io/guides/gs/consuming-rest/
I followed all the instructions, however, when I try to launch the application, 403 Displays Disabled.
I searched the net and found out that it has to do with csrf protection. So, I continued searching the net how to disable csrf. Here is my Java config:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}
}
My question is, how do I use this configuration? Specifically, where in the code should I insert it?
Here are the other two classes as pointed out in the tutorial. They all belong to the same package (Hello).
@JsonIgnoreProperties(ignoreUnknown = true)
public class Page {
private String name;
private String about;
private String phone;
private String website;
public String getName() {
return name;
}
public String getAbout() {
return about;
}
public String getPhone() {
return phone;
}
public String getWebsite() {
return website;
}
}
public class Application {
public static void main(String[] args) {
RestTemplate restTemplate = new RestTemplate();
Page page = restTemplate.getForObject("http://graph.facebook.com/pivotalsoftware", Page.class);
System.out.println("Name: " + page.getName());
System.out.println("About: " + page.getAbout());
System.out.println("Phone: " + page.getPhone());
System.out.println("Website: " + page.getWebsite());
}
}
source to share
Add @Configuration
to class WebSecurityConfig
and it will auto scan when you start your Spring application. You don't need to write any code.
Here is the code with @Configuration
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable();
}
}
source to share